<?php
// Sample input: plain text that carries an embedded <script> element plus a run of
// slashes and backslashes.
$test = "hello <script type=\"text/javascript\"> alert('xds'); </script> \\//\\\\\\ //// ";

// Strip every "/" and "\" from the input. This also rewrites the markup itself:
// "text/javascript" becomes "textjavascript" and the closing "</script>" turns into a
// second opening "<script>", so the tag is no longer closed.
$withoutSlashes = str_replace(['/', '\\'], '', $test);

// Print the raw input and the slash-free variant for comparison.
echo '1.', $test, PHP_EOL;
echo '2.', $withoutSlashes, PHP_EOL;

// Run the slash-free text through the string-sanitising filter.
// NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, which emits a
// deprecation notice when this line runs. Removing tags is not context-aware escaping;
// a value echoed into HTML should be encoded at output time, e.g. with htmlspecialchars().
$sanitized = filter_var($withoutSlashes, FILTER_SANITIZE_STRING);

// Final result, first as plain text and then JSON-encoded.
echo '3.', $sanitized, PHP_EOL;
echo json_encode($sanitized), PHP_EOL;
- Output for 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.6
- 1.hello <script type="text/javascript"> alert('xds'); </script> \//\\\ ////
2.hello <script type="textjavascript"> alert('xds'); <script>
Deprecated: Constant FILTER_SANITIZE_STRING is deprecated in /in/8nvMK on line 13
3.hello alert('xds');
"hello alert('xds'); "
- Output for 5.4.0 - 5.4.45, 5.5.0 - 5.5.38, 5.6.0 - 5.6.28, 7.0.0 - 7.0.20, 7.1.0 - 7.1.20, 7.2.0 - 7.2.33, 7.3.16 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30
- 1.hello <script type="text/javascript"> alert('xds'); </script> \//\\\ ////
2.hello <script type="textjavascript"> alert('xds'); <script>
3.hello alert('xds');
"hello alert('xds'); "